Where do you keep your multiple Tomato login credentials?

Discussion in 'Tomato Firmware' started by Madumi, Mar 20, 2018.

  1. Madumi

    Madumi Serious Server Member

    I'm guessing most all people on the forum here are security conscious... So, in an age where it's impossible to physically remember all your passwords/logins, how do you maintain adequate security?

    I don't know why, but personally I gravitate away from password vault style computer apps/programs. I guess I feel that by using one, I would be jumping on a platform that hackers specifically target, and that would carry inherent security risks.

    I have been accustomed to keeping a Word 2007 doc (SHA-1, 128 bit key, stretched 50,000 times), but there again, Word encryption is targeted by hackers too, though I think at present, brute force is the only way of cracking it.

    I have been thinking of switching to the open source EncryptPad (AES-256, SHA-512, 1,000,000 iterations), but it seems a relatively small endeavor, written by one software engineer & it's untested territory, I don't think anyone knows for sure if his code has no chinks.

    My personal preference is for keeping login credentials on a removable device, and protecting each file on that device with a password...

    Any suggestions? I'd love to hear how others store their credentials etc.
    Thanks!
     
  2. koitsu

    koitsu Network Guru Member

    KeePass in portable mode.
     
    Edrikk and Madumi like this.
  3. monoton

    monoton Serious Server Member

    I use KeePassXC.
     
    Madumi likes this.
  4. Madumi

    Madumi Serious Server Member

    Interesting... Do you not find a "database" format awkward for accessing the credentials you need (I am accustomed to having credentials listed in a text document, making it easier to find the details I need for copy/paste...)?
     
  5. kille72

    kille72 LI Guru Member

    I use KeePass/KeePassHttp + Chrome/chromeIPass
     
    Madumi likes this.
  6. monoton

    monoton Serious Server Member

    In KeePassXC and probably in KeePass there's an auto-type setting where you can have the credentials associated to a key combination for a specific window/page. So I find it easy and time saving once set up.
     
    Madumi likes this.
  7. koitsu

    koitsu Network Guru Member

    Be aware the "perform auto-type" feature of KeePass (don't know about other forks of KeePass) is extremely dangerous. It has the ability to lock/tie to a certain window/program, but not the ability to reliably change cursor/input focus within that application/window, which often forces the person to have to bind it to a function key sequence. I did the latter a few months ago -- due to this problem, it erroneously ended up pasting a password for something unrelated (FFXIV's authentication dialog) into public Discord (!!!), where I had several people say "um... that looks like a password, koitsu...". :mad:

    Be very careful with that feature -- you really have to test it thoroughly and make sure you know what you're doing. I prefer copy-paste myself.
     
    kille72 and Madumi like this.
  8. kille72

    kille72 LI Guru Member

    Looked around a bit, thanks to this post. I'm going to migrate to KeePassXC/KeePassXC-Browser + Chrome/KeePassXC-Browser which is considered safer, do you agree?

    "A note about KeePassHTTP
    KeePassHTTP is not a highly secure protocol and has certain flaws which allow an attacker to decrypt your passwords if they manage to intercept communication between a KeePassHTTP server and KeePassHTTP-Connector over a network connection (see here and here). KeePassXC therefore strictly limits communication between itself and the browser plugin to your local computer. As long as your computer is not compromised, your passwords are fairly safe that way, but use it at your own risk!

    As of KeePassXC 2.3, we deprecated KeePassHTTP in favor of KeePassXC-Browser. If you are still using KeePassHTTP, please migrate to KeePassXC-Browser. Support for KeePassHTTP will be removed in the future."
     
  9. monoton

    monoton Serious Server Member

    You can use "Custom Auto-Type Sequence" to omit the ENTER key. That way the credentials will be auto-typed but you have to press ENTER manually. (KeePassXC, don't know about the other variants)
     
  10. RMerlin

    RMerlin Network Guru Member

    I use SplashID - been using it for years (back to my Palm days).

    I have its cloud-based sync feature disabled (it's optional), and do a wifi-based sync between my desktop and my cell phone.

    I'm up to 660 entries in it now (it contains both personal and customer logins)...
     
    Wolfgan and kille72 like this.
  11. Magister

    Magister LI Guru Member

    The only one I trust is PasswordSafe at https://pwsafe.org/
    I have 0 trust in the online database one...
     